Your privacy – GDPR Policy

At Circus House Dental & Implant Centre, we are committed to protecting the privacy and security of your personal information.

Our patients trust us with their dental care—and their information. Looking after your information is the cornerstone of trust between us. It underpins the great care our dental team gives you.

Our commitment to your privacy

• No fuss: You have the right to knowhow we collect and use your information. For more details, please take a bit of time to read how we do this below.

• No frills: We only collect the information we need so that we can let you know about the things that matter to you. We look after it like it’s our own.

• No surprises: You are always in control of how you hear from us and what you hear from us about

• No spam: We will never sell your information to anybody else.

• No worries: Have a concern? Want to get in touch? No problem, use our contact us button at the top of this page and we’ll get back to you as soon as we can. Or drop the practice team a line at info@circusdental.co.uk

Circus House Dental & Implant Centre - privacy policy for patients

For more information on how we collect and use your information as a patient of practice, please refer to the practice privacy policy for patients. Please note that even if you no longer want us to contact you for the reasons we set out below (for example, you no longer want details about our products and services), we will still need to contact you on any clinical matters under the practice privacy policy for patients.

Finding your way around this webpage

1 The kind of personal information we hold about you

2 Collecting your personal information

3 Using your personal information

4 Failing to give us your personal information

5 Changing why we use your personal information

6 Sharing your personal information

7 Securing and protecting your personal information

8 Keeping your personal information for as long as necessary

9 Keeping your personal information up to date

10 Exercising your legal rights

11 Dealing with cookies

12 Exercising your right to withdraw consent

13 Contacting the Data Protection Officer

14 Changes to this privacy notice

How can I get extra help?

If you would like this information in another format please contact us and we will do our best to help you. Our details are as follows:

Circus House Dental & Implant Centre

Circus House

Bennett Street

Bath BA1 2EX

E-mail: info@circushouse.co.uk

The kind of personal information we hold about you

In the table below, we set out the personal information, which we collect and use about you:

Personal contact details:

What we use: your:

• name

• title

• marital status

• address

• telephone number, and

• email address.

Why we use it: we do this so that:

• we can:

◦ register your details

◦ contact you in connection with any products and services, and

◦ manage our relationship with you

What the lawful basis for using it is:

• for when we send you details of products and services which may be of interest to you: your consent,

• for managing our relationship with you:

◦ it is necessary to comply with a legal obligation (such as when we need to tell you about any changes to these details), and

◦ it is necessary for our legitimate business interests (to keep our records updated), and

• for managing our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data): it is necessary for our legitimate interests (to run our business, provide administration and IT services and network security and to prevent fraud) .

Username details:

What we use: your

• username (such as any name you use on any social media site or on any NHS or HSC website).

Why we use it:

• respond and deal with any queries, comments or feedback that you have.

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

IP address:

What we use:

• your Internet Protocol (IP) address if you visit our website.

Why we use it: we do this so that we can:

• understand the types of patients who need dental and orthodontic treatment

• keep our website updated and relevant, and

• develop our business and to inform our marketing strategy.

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

Any other personal information:

What we use:

• any communication with us where you let us have your personal information.

Why we use it:

• respond and deal with to any queries, comments or feedback that you have.

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

In the table below, we set out the ‘special categories’ of more sensitive personal information which we collect and use about you.

• let you know about anypractice products and services which may be of interest to you, and

• enter you into any competition which you want to enter.

What the lawful basis for using it is: your consent.

The further lawful basis for processing this more sensitive personal information is that you have given us your explicit consent for the specified purposes (see the reasons in the column to the left).

Here is a bit of detail on what we mean by ‘personal information’ and ‘legitimate business interests’:

• ‘personal information’ means any information about you from which you can be identified, and

• ‘legitimate interests’ means the interest of the practice in managing our practices and business generally so, ultimately, we can give you the best possible care. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

The company responsible for your information and privacy (also known as the ‘data controller’) is I M Smile Ltd.

What would you change about your smile?

If you have completed one of our ‘Smile Checker’ forms, any information you give to us will only be used by your dental care professional to discuss your dental needs at your practice. We do not record any of the information in that section and we will dispose of this form securely at the end of our conversation.

Collecting your personal information

We collect your personal information from you only.

This may be:

• directly from you such as when:

◦ you let us know how you want to hear from us and what you hear from us about

◦ you complete one of our ‘Smile Checker’ forms (such as when you are visiting one of our practices) and

◦ you complete any other similar forms on our website or in practice, or

• indirectly from you, such as when you interact with our website and when we use online personalised ads. When you do this we collect and use technical data automatically about your equipment, browsing actions and patterns. We collect and use this personal data by using cookies and other similar technologies. We also receive technical data about you if you visit other websites employing our cookies (for more details, go to our Cookie policy and see ‘Seeing ads for our practice online’ in the ‘Using your personal information’ section).

Using your personal information

We will only use your personal information when the law allows us to.

We use your personal information to let you have details of the products and services which you have told us you are interested in and related information to that such as:

• dental health information

• exclusive offers and discounts, and

• competitions.

Seeing ads for our practice online

We like to keep you aware of the great products and services which we offer. This means that if you visit our site, other sites such as Google will show our practice ads on other sites across the Internet (including Google itself). Google helps us do this by using cookies or similar technologies on your computer.

For more information on how Google collects and uses your personal data, please take a bit of time to read their privacy policy

Failing to give us your personal information

You are always in control of your information. If you don’t want us to send you details of our products and services, we will respect your wishes. However, please bear in mind that if you don’t give us certain key personal information we won’t be able to contact you for the reasons set out in the ‘Using your personal information’ section.

Changing why we use your personal information

We won’t do this. We will only use your personal information to send you details of the products and services which you have told us you are interested in (see the ‘Collecting your personal information’ section).

Sharing your personal information

We may share your personal information with other people or businesses where:

• required by law

• where it is necessary for the purposes of administration (such as with other entities in the I M Smile Ltd group), and

• we have another legitimate interest in doing so.

If we do this, we require these third parties to respect the security of your personal information and to treat it in accordance with the law. In addition, all of our third-party service providers and other entities in the I M Smile Ltd group are required to take appropriate security measures to protect your personal information in line with our policies.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information:

• for specified purposes, and

• in accordance with our instructions.

We will, where necessary, share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business.

We will also, where necessary, need to share your personal information with a regulator (such as the GDC or CQC) or to otherwise comply with the law.

Social media

We love social media and chatting with you there, whether it be on Facebook, Twitter, any NHS or HSC website or our ‘Big smiles blog’.

Don’t forget, however, that everybody can see everything you do there (our sites are public) so if you want us to keep your information private, please don’t put anything on these sites which you or your loved ones would like to keep private, whether now or in the future.

We will always try to respond to you using another medium such as e-mail or phone, where appropriate.

If you use certain social media features from within our website or connect with us on our social media webpages, the privacy policies of those companies will apply. Please read them carefully before you share your information with us and others as these companies may have different standards of protection of information than we do.

Securing and protecting your personal information

Your personal information deserves the greatest protection and security. This is why we have put in place appropriate security measures to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality to us. Details of these measures may be obtained from our Data Protection Officer (see the ‘Data Protection Officer’ section).

We have put in place extensive procedures to deal with any suspected security breach which involves personal information and we will let you and any applicable regulator know of a suspected breach where we are legally required to do so.

Keeping your personal information for as long as necessary

We will only keep your personal information for as long as necessary to fulfil the purposes we collected it.

We may also need to keep it for other purposes including for satisfying any legal, accounting, or reporting requirements.

Once you no longer wish to hear from us we will retain and securely destroy your personal information in accordance with our Data Retention Policy. This states that we will delete your personal information as soon as we can.

Keeping your personal information up to date

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes by letting a member of our team know when you are in practice or by calling the practice.

Exercising your legal rights

Under certain circumstances, by law you have the right to ask for:

• access to your personal information (commonly known as a ‘subject access request’). This means you can receive a copy of the personal information we hold about you and check that we are processing it properly

• the correction of the personal information that we hold about you. This means you can correct any incomplete or inaccurate information we hold about you

• the erasure of your personal information. This means you can ask us to delete or remove personal information where there is no good reason for us continuing to process it

• the restriction of processing of your personal information. This means you can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it and

• the transfer of your personal information to another party.

• If you want to do any of these things please let a member of our team know when you are in practice or calling the practice.

In almost all circumstances you do not have to pay a fee to access your personal information (or to exercise any of the other rights).

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Your Data Matters: How can I learn more about protecting my information?

If you want detailed information on your rights, protecting your information, and what the Information Commissioner’s Office (ICO) does and how it can help you protect your information, please visit https://ico.org.uk/yourdatamatters. The ICO is the UK’s independent body which upholds information rights.

Dealing with cookies

Not all cookies are bad! Most websites you visit, such our practice web site site, use cookies to improve how the website works by letting that website ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). For more details, check out our Cookie policy.

Exercising your right to withdraw consent

You have the right to withdraw your consent at any time.

To withdraw your consent, please speak with a member of our team in practice, call the practice or use the unsubscribe function in any e-mail we send.

If we have got something wrong, please let us know and we will do whatever we can to try to fix it. Of course, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

From time to time will may need to update this privacy notice to reflect how we are collecting and using your information. If we do this, we will let you know (such as by email or a notice on the practice website) so that you can review any updates.

Details of any changes will also be recorded in our change log below.

Date

Nature of change

May 2018

New privacy policy adopted.

We are required under data protection laws to let you have the information contained in this privacy notice. If you have any questions about this privacy notice, please drop the practice team a line at info@circushouse.co.uk or contact the practice on 01225 447600

Data protection principles

We are committed to complying with data protection laws.

These laws say that the personal information we hold about you must be:

• used lawfully, fairly and in a transparent way

• collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes

• relevant to the purposes we have told you about and limited only to those purposes

• accurate and kept up to date

• kept only as long as necessary for the purposes we have told you about, and